As is known, to securely transmit data from one party to another in a secure communication system, the data needs to be encrypted via an encryption key and an encryption algorithm. The encryption algorithm may be a symmetric key algorithm such as the data encryption standard ("DES"), while the encryption key may be a corresponding symmetric key. The sending party encrypts the data using the symmetric key algorithm and transmits the encrypted message over a transmission medium to a receiving party. Upon receiving the encrypted message, the receiving party decrypts the message using the same symmetric key, which must be transmitted to the receiving party or derived by the receiving party by some appropriate security means.
Encrypting data using public key algorithms is somewhat more expensive than using a symmetric key algorithm, but, the cost is generally justified because of the difficulty in securely providing the symmetric key to both parties. To obtain the cost saving benefits of symmetric key encryption and the key distribution advantages of public/private key pairs, a wrapped session key is provided to the receiving party, or parties, along with the data that is encrypted using the symmetric key. The wrapped session key is the symmetric key that has been encrypted using the public key (of the public/private key pair) of the receiving party. When the receiving party receives the encrypted message, it decrypts the wrapped session key using its private key to recapture the symmetric key. Having recaptured the symmetric key, the receiving party utilizes it to decrypt the message. Typically, symmetric keys are used for a relatively short duration (e.g., a communication, a set number of communications, an hour, a day, a few days, etc.), while encryption public keys are used for longer durations (e.g., a week, a month, a year, or more).
To further enhance security of encrypted data transmissions in the secured communication system, the sending party provides its digital signature with encrypted messages that it transmits. The signature of the sending party consists of a tag computed as a function of both the data being signed and the signature private key of the sender. The receiving party using a corresponding signature public key of the sending party can validate the signature. To ensure that the receiving party is using an authentic public key of the sending party, it obtains a signature public key certificate from the directory or a certification authority. The signature public key certificate includes the signature public key of the sending party and the signature of the certification authority. After obtaining the certificate, the receiving party first verifies the signature of the certification authority using a locally stored trusted public key of the certification authority. Once the signature of the certification authority has been verified, the receiving party can trust any message that was signed by the certification authority. Thus, the signature public key certificate that the receiving party obtained is verified and the signature public key of the sending party can be trusted to verify the signature of the sending party of the message.
The above process works well when the end-users, via a computer or similar device, are directly coupled, i.e., on-line, with the communication system. When on-line with the communication system, an end-user has access to the directory such that it may obtain the encryption public key certificate of a targeted recipient and the signature public key certificate of a sending party. In addition, the end-user has access, via the directory, to certificate revocation lists and authority revocation list. The end-user utilizes the certificate and authority revocation lists, which are issued periodically (e.g., daily), to verify that the certificates it has obtained are valid, i.e., have not been revoked and have not been signed by a certification authority that has had it authority revoked. Thus, as long as an end-user has access to the directory, it can retrieve and utilize encryption public key certificates and signature public key certificates with confidence.
If a lap-top end-user is off-line from the communication system, i.e., does not have access to the directory, it cannot confidently utilize the encryption public key certificates and signature public key certificates that it has stored. The lack of confidence results when the end-user's local copies of the certificate and authority revocation lists are expired, i.e., the period for reissue has past. This, of course, assumes that the end-user has a local copy of the revocation lists. As such, the locally stored certificates are untrustworthy. While untrustworthy certificates do not prevent the physical act of encrypting and verifying, they do defeat the spirit of encrypting and verifying which devoid the security system of its integrity. As such, off-line users, especially laptop computer users, cannot securely verify signatures of received messages (e.g., e-mail messages) and cannot securely prepare outgoing messages.
Therefore, a need exists for a method and apparatus that provides off-line secure communications.